Fixes among others:
. Bug #79580 (date_create_from_format misses leap year).
. Bug #80974 (Wrong diff between 2 dates in different timezones).
. Bug #81097 (DateTimeZone silently falls back to UTC when providing an offset with seconds).
. Bug #81273 (Date interval calculation not correct).
Some AVIF image generators didn't include the PixelInformationProperty
(pixi), even though strictly speaking they should. In v0.9.2, libavif
began requiring this. Let's disable it so we can read those images too.
We also remove xfail from test on FreeBSD.
Closes GH-7253.
This is very similar to the DH case, with the primary difference
that priv_key is ignored if pub_key is not given, rather than
generating pub_key from priv_key. Would be nice if these worked
the same (in which case we should probably also unify the keygen
for FFC algorithms, as it's very similar).
All other private keys are exported in PKCS#8 format, while EC
keys use traditional format. Switch them to use PKCS#8 format as
well.
As the OpenSSL docs say:
> PEM_write_bio_PrivateKey_traditional() writes out a private key
> in the "traditional" format with a simple private key marker and
> should only be used for compatibility with legacy programs.
Same as with pkcs7, switch these tests to use an algorithm that
OpenSSL 3 supports out of the box.
Once again, we should consider changing the default or making it
required.
The default of OPENSSL_CIPHER_RC2_40 is no longer (non-legacy)
supported in OpenSSL 3, specify a newer cipher instead.
We should probably either change the default (if acceptable) or
make the parameter required.
Instead construct a proper EVP_PKEY for the public key and
perform a derive operation.
Unfortunately we can't use a common code path here, because
EVP_PKEY_set1_encoded_public_key() formerly known as
EVP_PKEY_set1_tls_encodedpoint() does not appear to work with
DH keys prior to OpenSSL 3.
Rather than querying whether the EVP_PKEY contains private key
information, determine this at time of construction and store it
in the PHP object.
OpenSSL doesn't provide an API for this purpose, and seems
somewhat reluctant to add one, see
https://github.com/openssl/openssl/issues/9467.
To avoid using deprecated low-level APIs to determine whether
something is a private key ourselves, remember it at the point
of construction.
The recent fix for bug 52093 is not compatible with LibreSSL ≥ 2.7.0,
which we recognize as mostly OpenSSL 1.1.0 compatible, but they still
do not support `ASN1_INTEGER_set_int64()`.
Closes GH-7339.
With OpenSSL 3 ciphers may be registered, but not provided. Make
sure that openssl_get_cipher_methods() only returns provided
ciphers, so that "in_array openssl_get_cipher_methods" style
checks continue working as expected.
Nikita Popov